Program Manager Resume
SUMMARY:
- Cyber Security Subject Matter Expert, Cyber Security/vulnerability assessments and mitigation strategies. Hospital IT security assessments, FedRAMP, Security Management, Strategic Security Plans. Counterterrorism experience. Certified Information Security Manager, Certified Data Privacy Solutions Engineer.
- Evaluation and resolution of problem programs. Extensive experience with handling security issues and coordination with flag rank, C-level officials, and government senior level executives.
- Expertise in NIST, CSF, FedRAMP, CMMC, HIPAA, SOC2, Privacy assessments, audits, GRC, 3rd party supply chain
PROFESSIONAL EXPERIENCE:
Confidential
Responsibilities:
- Worked at the request of Assistant Secretary of Defense in establishing oversight and independent assessment of Defense Security Service operations. Directly supported the Directors of Confidential and the Office of Personnel Management. Efforts included vulnerability assessments (NIST A, DITSCAP, various FIPS guidelines), establishment of critical operations call center, revamping entire security clearance process automation, establishing business analysis of Confidential operations, independent verification and validation of contractor software.
- Grew the company from zero to $9 million in under three years.
Confidential
Responsibilities:
- Developed support contract for Lucent’s efforts in support of rebuilding Iraq, identified partner companies, established negotiations, and drafted proposals.
Confidential
Program Manager
Responsibilities:
- Conducted risk and vulnerability assessments of Confidential HQS networks, including ISS scans of networks. Conducted wireless network evaluations, identified system vulnerabilities, and implemented mitigation strategies. Wrote Security Plans for Confidential HQS networks (including financial, administrative, operational, and public access). Evaluated all networks at Confidential HQS for inclusion into the new “one Confidential” program mandated by the Confidential CIO, and recommended migration strategies (including product, software and hardware evaluation). Coordinated Confidential HQS Contingency/Disaster Recovery Plan, and conducted all on Confidential HQS Contingency Plan. This involved teaching Confidential systems administrators, system owners, and system developers.
- Worked in the security design and operations planning for a new Confidential video teleconferencing system currently being developed. Conducted vulnerability and risk assessments on the system design, and recommended system modifications.
Confidential
Senior and Accreditation Engineer
Responsibilities:
- Conducted and coordinated all C&A activities at Army Materiel Command HQS. Wrote the security test and evaluation plans, SSAA, configuration management plans, security plans, and disaster recovery plans for the Army Materiel Command HQS networks. Evaluated network architectures for C&A, provided feedback to systems administrators on the network architecture, and documented the networks using VISIO and other tools. These networks had never been documented nor had a comprehensive risk assessment performed before.
- Requested by the AMC CIO to evaluate subordinate command’s C&A packages before receiving accreditation and approval to operate.
Confidential
Manager, Information Risk Management
Responsibilities:
- Developed Public Health Assessment methodology for Texas Commissioner of Health for hospital readiness for biological warfare attack, involving HIPAA compliance, counterterrorism vulnerability assessments, and implementation strategies. Developed assessment methodology for hospital operational networks, plans for connectivity to National Guard, local law enforcement, Centers for Disease Control, National Institute of Health, and other agencies, and recommended HIPAA compliance methodology for systems accreditation. Provided checklists for biological/chemical agent recognition, and wrote hospital procedures for mass casualty operations.
- Conducted Counterterrorism Assessments at major telecommunications companies, which involved physical, network, personnel, and executive security operations. Wrote methodologies for executive evacuation, operations personnel relocation, recovery operations, and backup plans. Identified serious vulnerabilities in network architectures, and recommended mitigation strategies. Wrote scenarios for corporate testing and evaluation, and wrote the evaluation methodology for these tests.
- Defined HIPAA requirements and methodologies for University Medical centers and major urban hospitals in Dallas. These hospital complexes were being combined into one large network, with dissimilar software, hardware, administration, and operations. Identified several systems vulnerabilities, and provided mitigation strategies and plans.
Confidential
Program Manager and Director, Information Security Services
Responsibilities:
- Provided information security evaluations to large retailers (global operations), assessed vulnerabilities in hand-held pricing and inventory devices, demonstrated network intercept techniques, and recommended mitigation strategies. Evaluated network security at a large food production corporation (global market), and recommended mitigation strategies during a large corporate acquisition that combined three companies into one.
Confidential
Program Manager and Director, Information Systems Security Services
Responsibilities:
- Developed, received contract, and directed a $10 million Department of Justice contract to perform Independent Verification and Validation on C&A work done by various departments and bureaus including FBI, U.S. Marshals, and Bureau of Prisons. Established the plan for conducting IV&V on DOJ systems, and wrote the methodology for feedback and coordination.
- Defined common policy security requirements for Assistant Attorney General, DOJ Director of Information Security (INFOSEC), and Director of DOJ Justice Management Division.
- Developed methodology to manage security operations and security software functionality for the CASSINI spacecraft for Director of INFOSEC, Jet Propulsion Laboratory, Pasadena, CA. These methodologies ensured the operational information security of the spacecraft during a near-earth flyby. Performed risk assessments for the JPL-managed Defense Nuclear Threat Reduction Agency.